The line above will cause the username and password to be exposed in my url after logging in. And of course, I don't want that.

Oh, and I can not do it through a form post action, because I use an extra file, called
cathlogin.php3, which does two things:
1) set two cookies
2) redirect to the opening page of my site through an external server (which generates a passport).

So what I need is some kind of encoding-stuff for variables appended to a url.

I hope someone can help me with this problem. There should be some encoding or security stuff which I can use also.

If you would like only hide the values of this two wvariable you can also make a framesite. So in the browser you see only the frameseites-name and not your content-sites-name (witch includes the two variables with there content)!

Attention! The user can also call the site manually by typing the url into the browser so he can see the values content!!